| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Feb 2018 22:50:04 +0900
From: Masatake YAMATO <yamato@...hat.com>
To: netdev@...r.kernel.org
Cc: yamato@...hat.com
Subject: [PATCH] ss: prepare rth when killing inet sock
kill_inet_sock() expects rhn_handle instance is passed
via inet_diag_arg argument. However on the following calling path:
generic_show_sock
=> show_one_inet_sock
=> kill_inet_sock
rth field of inet_diag_arg is not filled with the address of
rhn_handle instance. As the result ss crashes.
This commit fills the field with newly created rhn_handle
instance.
Signed-off-by: Masatake YAMATO <yamato@...hat.com>
---
misc/ss.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index 29a25070..a59fa2c1 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -4258,11 +4258,18 @@ static int generic_show_sock(const struct sockaddr_nl *addr,
{
struct sock_diag_msg *r = NLMSG_DATA(nlh);
struct inet_diag_arg inet_arg = { .f = arg, .protocol = IPPROTO_MAX };
+ struct rtnl_handle rth_inet;
+ int result_inet;
switch (r->sdiag_family) {
case AF_INET:
case AF_INET6:
- return show_one_inet_sock(addr, nlh, &inet_arg);
+ if (rtnl_open_byproto(&rth_inet, 0, NETLINK_SOCK_DIAG))
+ return -1;
+ inet_arg.rth = &rth_inet;
+ result_inet = show_one_inet_sock(addr, nlh, &inet_arg);
+ rtnl_close(&rth_inet);
+ return result_inet;
case AF_UNIX:
return unix_show_sock(addr, nlh, arg);
case AF_PACKET:
--
2.14.3
Powered by blists - more mailing lists